Bromium and Microsoft: Is Micro-Virtualization the Next Step in Cyber Security?

Using virtual machines to isolate programs and processes that could be harmful has been a practice in the computing community for years. This ensures that the hardware is fully isolated and cannot be harmed by malicious code. A company called Bromium has taken this concept and created what they call “Micro-Virtualization”, a process of taking programs and running each in its own environment, so nothing they do can affect the hardware directly. This creates a computer that essentially acts as a controller, isolating itself from the actual processes it is running to remain uninfected from any attack. However, running this as a third-party component of a server or workstation operating system might lead to a slowdown in load times and efficiency.

Taking on this problem, Bromium has formed a partnership with Microsoft, integrating parts of its system directly into the operating system rather than having it run on top of the operating system. This would make the ‘hand off’ of programs from hardware to VM seamless, as well as make sure there are no faults in configuring how the program works.

Photo courtesy of blogs.bromium.com

So how does it work? The largest component of Bromium is a system that they call the ‘Microvisor’, which is the name of the Micro-Virtualization implementation that they came up with in Windows 10. They claim that any program run this way is perfectly safe, because it eliminates the dangers of ‘Zero Day’ exploits, un-patchable programs, and unpatched programs in the system. The company also claims that the hardware and the system will be ‘invulnerable’.

The other side of the integration is ‘LAVA’, which is their answer to how forensics can be conducted within the Microvisor system that they developed. It works by letting the attack develop in the Micro-Virtualization, and then reporting it to the administrators on the network, giving the full details of the attempted attack as it unfolds in a safe environment. This can help administrators learn how the attacks work in real time, as well as help them develop ways to counter them, or even trace them back without the threat of the virus spreading.

While this system seems secure as it is, no system is ever 100 percent secure. While the Microvisor system runs low in the operating system, it still is not at the kernel level, and thus could theoretically be bypassed. However, the author does believe that this system might be the best step forward in the Cyber Security world, as it catches vulnerabilities in a virtual net so they can be easily managed and dealt with as they arise.